
Here is a summary of what I'm trying to do:


I can get my Flask app to respond without HTTPS/SSL, but I am receiving a '503 Service Unavailable' when I try to use SSL. My understanding is that since the load balancer has the Cloudflare origin certificate installed, it will terminate SSL, so the Flask app does not need modifications for SSL.

Here is my Kubernetes yaml for the load balancer and flask app service:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: flask-service
  labels:
    run: flask-service
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
    service.beta.kubernetes.io/do-loadbalancer-certificate-id: "68e1d971-1a7c-40d2-8f33-aed797a9535d"
spec:
  selector:
    app: flask
  ports:
    - name: tcp
      protocol: "TCP"
      port: 5000
      targetPort: 5000
    - name: https
      protocol: TCP
      port: 443
      targetPort: 5000
  type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: flask
spec:
  selector:
    matchLabels:
      app: flask
  replicas: 1
  template:
    metadata:
      labels:
        app: flask
    spec:
      containers:
        - name: flask
          imagePullPolicy: Always
          image: gcr.io/xxxxyyyyyy/flask:staging
          ports:
            - containerPort: 5000
          resources:
            limits:
              memory: 8000Mi
            requests:
              memory: 4000Mi
```

I would appreciate any suggestions as I have been looking at this problem for the past few days with no luck.

1 Answer

In the company I'm working for, we have had a lot of the same issues with Cloudflare and Docker Swarm. We are hitting a lot of 503 errors, and we are running Node, PHP and Python applications.

What we discovered is that when you create a single connection between Cloudflare and your cluster, there are some buffering and keep-alive settings you do not have control over, and this 503 error keeps coming.

We discovered this with the Cloudflare service, HAProxy, the load balancer from DigitalOcean and with default NGINX settings.

We dove deep into it and tried to find out what happens. First of all, Cloudflare gives us around 1-300 ms more ping time for every single request; the second is that NGINX enables proxy buffering, and these two things together do not work very well, I think.

So what I can recommend, and it's working for us, is to set up an NGINX server as a proxy layer, disable proxy buffering and then use Let's Encrypt (certbot) to generate your own SSL certificate. Don't do it in production; create a test setup first.

That's my best shot at telling you what's going on here. It sounds a lot like the issue we fought with for months before we discovered this issue with the connection drops between the client and the Docker Swarm service containers.

If you test my answer, let me know if it helps you.
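The proxy layer this answer describes could look like the following NGINX configuration, shown as an added example and not the answerer's own setup. It assumes the hostname `example.com`, certbot's default certificate paths under `/etc/letsencrypt/live/`, a webroot of `/var/www/certbot`, and that the Flask service from the question is reachable as `flask-service:5000`.

```nginx
# Added example. Assumptions: hostname example.com, certbot's default
# certificate paths, and the Flask backend reachable as flask-service:5000.
upstream flask_backend {
    server flask-service:5000;
    keepalive 16;                     # pool of reusable upstream connections
}

server {
    listen 80;
    server_name example.com;

    # Serve certbot's HTTP-01 challenge files; redirect everything else to HTTPS.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name example.com;

    # Certificate and key issued by Let's Encrypt through certbot.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://flask_backend;

        proxy_buffering off;              # the buffering the answer says to disable
        proxy_http_version 1.1;           # needed for upstream keepalive
        proxy_set_header Connection "";   # do not forward "Connection: close"

        # TLS ends here, so pass the original host, client and scheme to Flask.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running `nginx -t` validates the file before a reload; as the answer says, try it on a test setup first.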
